CVE-2026-3225
MEDIUM
4,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: none
Description
AI Translation Available
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the delete_question_answer() function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catch_lp_ajax() dispatcher verifies a wp_rest nonce but performs no current_user_can() check, and the QuestionAnswerModel::delete() method only validates minimum answer counts without checking user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete answer options from any quiz question on the site.
862
Missing Authorization
IncompleteCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Access Control
Availability
Potential Impacts:
Read Application Data
Read Files Or Directories
Modify Application Data
Modify Files Or Directories
Gain Privileges Or Assume Identity
Bypass Protection Mechanism
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Dos: Resource Consumption (Other)
Applicable Platforms
Technologies:
AI/ML, Database Server, Not Technology-Specific, Web Server
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.7/inc/Ajax/Abs…
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.7/inc/Ajax/Edi…
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.7/inc/Models/Q…
https://plugins.trac.wordpress.org/changeset?old_path=/learnpress/tags/4.3.2.8&…
https://www.wordfence.com/threat-intel/vulnerabilities/id/fc4afb78-fca6-4cc2-8e…